Hacker Uses Apple Tech Support to Hack iCloud

Mat Honan, a former Gizmodo contributor, blogged last Friday that a hacker accessed his iCloud account and remotely wiped his iPhone, iPad, and MacBook Air. Apart from his devices, the hacker also gained access to his Twitter and Gmail accounts.

According to him, he had used a seven-digit alphanumeric password on his iCloud account for years, and he never used it anywhere else. His initial guess was that the hacker used brute force to get his password and access his accounts. His guess was wrong.

In his blog, Honan wrote the following details about the incident:

At 4:50 PM, someone got into my iCloud account, reset the password, and sent the confirmation message about the reset to the trash. My password was a 7 digit alphanumeric that I didn’t use elsewhere. When I set it up, years and years ago, that seemed pretty secure at the time. But it’s not. Especially given that I’ve been using it for, well, years and years. My guess is they used brute force to get the password and then reset it to do the damage to my devices.

The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.

At 5:00 PM, they remote wiped my iPhone

At 5:01 PM, they remote wiped my iPad

At 5:05, they remote wiped my MacBook Air.

A few minutes after that, they took over my Twitter. Because, a long time ago, I had linked my Twitter to Gizmodo’s, they were then able to gain entry to that as well.

He contacted the tech support of Apple Inc. (NASDAQ:AAPL) to resolve the issue and was informed that a serious forensic investigation would be necessary to restore his devices. Later on, the hacker contacted him and admitted that he didn’t guess or use brute force to access Honan’s account; instead he had his “own guide on how to secure e-mails.” What exactly happened? Honan said the hacker and Apple confirmed that the incident was not password related. According to him, Apple’s tech support and clever social engineering allowed the hacker to bypass security questions.

On the other hand, Tony Bradley, a contributor for PC World, said that his experience with Apple’s tech support was the opposite of what happened to Honan. According to him, one day he just lost access to his iPhone, iCloud, and other Apple services, because it was used by another Apple ID account.

It took him over a year to resolve the issue, because Apple’s tech support was so strict that they would not allow him to access his own account. It turned out nobody had hacked his account. Instead, his Apple account was associated with two me.com addresses he owned, which were not set up to receive messages, and his security questions did not work because he had not set them up either.

Based on his experience, he pointed out, “I found Apple Support to be tight-lipped to a fault, and I’m surprised the attackers in the Mat Honan / Gizmodo incident were able to socially engineer their way into his iCloud account. It took me over a year to “socially engineer” my way into my own Apple ID.”

Judging from the two experiences, it seems Honan’s hacker is cunning and experienced in deceiving Apple’s tech support into disclosing private information. The incident was alarming, and the tech support should remain strict in dealing with individuals claiming ownership of any Apple account. Honan’s experience was more devastating than Bradley’s experience with Apple’s tech support.